Chrome setting to fix this? (don't autofill passwords outside signed-in Chrome)

[Isaac]

I've been perturbed by something so long and wondering if any of you folks knew a setting that I am just missing, either in Chrome, or in my Google account.

So I love to use Chrome's password manager, but there is one thing I absolutely HATE about it, that comes SO close to totally defeating the purpose, that it makes me wonder if surely it is I who am missing something - and I hope that's the case!

Chrome saves the passwords relative to the machine it is installed on, IF nobody is signed in to Chrome.

So for example, the way I maintain my Google account and chrome, if you came to my laptop and opened chrome, you'd NOT be signed in to Google in any way, shape or form - the Profile picture would be blank (inviting you to Sign In To Chrome), and also, if you went somewhere like Gmail or Drive, you'd NOT be signed in.

And yet...in that exact scenario, if you pulled up a site that I have a saved login to, Chrome would go ahead and autofill the password and username if you asked it to.

Why, oh why, is that the case - and what can I do about it???????

 

[cheekybuddha]

Why should it care whether you are signed in to Google if you need to sign in to AWF?

and what can I do about it???????

Don't let your your browser manage your passwords.

And use a proper password manager instead.

eg KeePassXC

 

[Isaac]

Why should it care whether you are signed in to Google if you need to sign in to AWF?

Because it's Google's password manager. It should require at least an initial login - the one to Google account - prior to releasing the function.
Do you use a password manager that requires no authentication at all, anyone could walk up to it and have all your passwords?

But I sort of knew I'd get answers like this. I realize people who are serious about password managers use real ones. I just wish Google would make this one change, but I'm afraid as it is it's failing to meet even my low-ish expectations.

 

[cheekybuddha]

Because it's Google's password manager.

AIUI, it's Chrome's password manager, no?

I'm sure you can use it even if you don't have a google account.

 

[Isaac]

Hmm. In that statement, you make a good point, David.

So, I'm forced to admit that semantically, its existence is logical. [great].

 

[Isaac]

...at least Google just helped me figure out what "AIUI" means. I'm so dependent ha

 

[cheekybuddha]

You do realise that other search engines are available

 

[Isaac]

Now now, you've gotten credit for being right one time, don't push it j/k

But seriously, yeah, I've tried numerous other browsers and search engines and keep trying them occasionally throughout the years as people tell me about the next-best-one I hadn't heard of yet. I've never found anything I like even close to both Chrome and Google.

But, if another one of them had a PW manager that required browser-account-company sign-in before its fruits were available, I'd reconsider..

 

[Isaac]

PS, articles like this make it even worse:

How to Turn Off Google Password Manager (And Why You Might Want To)

Use a password manager or share devices? You may want to turn off Google Password Manager. Here's how to turn it off on Android and Chrome, plus delete saved passwords.

allaboutcookies.org

This means if someone is able to access your Google account login details, they’ll have access to all your saved passwords

NO! Even if someone has zero access to your Google account, if they just walk up to your computer and can open Chrome, they'll be able to login using any password, and if they know your computer's lock screen pin/pw, they'll have full access to the plain text. (Guess Google would argue that IS the credentialing system).

 

[cheekybuddha]

I've never found anything I like even close to both Chrome and Google.

Fair enough!

 

[Isaac]

I should make one small clarification in Google's defense:

If every time I use Chrome, I add my Profile for the first time & sign in, and each time I am done using Chrome, I remove my profile from Chrome, then following that sequence, the passwords would never be accessible to anyone else, even using the same installation of Chrome on the same machine.

Some comfort.

I tried LastPass, it stinks. Constant freezing up, juvenile design, and a lot more

 

[cheekybuddha]

I would never trust online/cloud password manager providers. They get hacked regularly.

The app I recommended is a simple app. You store your passwords in an encrypted db file which you can share on One Drive or whichever cloud service you use so you can access from anywhere.

 

[Isaac]

I'm going to try keepass as you suggested. I'll let you know how I get on.

As you can probably guess, what I find appealing about stuff like Chrome PW mgr is the portability and how it's integrated into browsing.
I can instantly have them all auto populate from anywhere - a hotel etc.
(and as long as I do so AFTER signing in to Chrome as an actual Profile - and then delete the Profile at the end, I'm safe-ish).

But I'll try what you suggested, I always appreciate suggestions from knowledgeable folk.

 

[cheekybuddha]

I'm going to try keepass as you suggested.

Note, I suggested KeepassXC as opposed to KeePass.

It can take a little setting up - but it does have integration with browsers. You may have to add an extension so it can 'connect'.

The real benefit is that you maintain control over your passwords and are not praying that the service is available or avoids getting hacked.

 

[Isaac]

I must be using the one you're recommending because it does have a browser integration and it does have a connect feature. Right now I'm just trying to get it trying to figure out why it closes the database and disconnects like within 3 minutes. I have the setting set to 600 seconds but even though it's less than 10 minutes it keeps timing out. I'll keep trying it it does seem quite good